Information Security – Credit Card Fraud

Buyers, beware: Credit-card scheme gaining steam in NE Pennsylvania

by

The latest technological scheme gaining traction in Northeastern Pennsylvania strikes victims where it hurts most — their bank accounts.
Credit-card skimmers are small, sometimes hard-to-recognize devices that criminals plant at gas station pumps, ATMs, self-checkouts or any unattended place that someone might swipe their credit or debit card.
Protect your PIN, they advise.
While only two cases have been reported in Luzerne County, the scheme is worth watching out for in the area, local investigators say.
Lewis is investigating one of the reported card skimming cases in the area: a gas station on Route 115 in the township that was struck by a criminal who planted an internal device in May.
It’s easy to use someone’s PIN number and account number to access a lot of different accounts, and some of those have a lot of money in them.” Skimmers are becoming more prevalent nationwide because technology is cheaper and more readily available than ever before, officials said.
In another reported case in Luzerne County, police in Wilkes-Barre Township arrested a Taco Bell employee in January for allegedly stealing credit-card information from customers for more than a month.
While skimmers have been around for years, the technology to steal credit account information continues to improve, and devices have become smaller and harder to detect, said Owen, the Better Business Bureau official.
“But if it’s not detected and these thieves go and damage your credit report, that’s where it’s a long-term problem where it could take months or even years to fix.” To protect card info from skimmers, the Better Business Bureau advises consumers to avoid using ATMs in poorly lit or low-trafficked areas.
Consumer protections for debit and credit cards vary but depend largely upon when the fraudulent activity is reported.

Fraud in the Gaming Industry

by

These days, especially with the digital nature of our games, refund theft and chargeback fraud are two of the most common ways that developers are being hurt.
Return fraud involves returning games (or DLC) that are ineligible for refund to a retailer in exchange for money or other goods.
On the other hand, chargebacks cost $15 for each transaction and can put a company into a very special Visa Monitoring Program, which identifies merchants who have exceeded the Visa chargeback thresholds.
For instance, Steam has a refund policy in which they refund games for any reason.
Steam refunds players for the full amount of the game, which means the developer gets absolutely nothing but the player enjoys the game for free.
Chargeback Fraud Just last year, Ludeon Studios stopped issuing keys for new purchases of their game, Rimworld, due to concerns of credit card fraud.
On the other hand, U.S. merchants are eligible for the Merchant Chargeback Monitoring Program, which requires that merchants have at least a 1% chargeback ratio (a minimum of 100 chargebacks and 100 transactions in a month).
Only refund in the same form of currency used, and make sure that you offer store credit to eliminate, or at least limit cash refunds.
Using a protection service can help share, or even eliminate, the burden of having to manage fraud, so you can go back to doing what you do best—making games and talking to your community.
Otherwise, you won’t know until it is too late and your company is placed into the Visa Monitoring Program.

How machine learning is taking on online retail fraud

by

How machine learning is taking on online retail fraud.
ZDNet talked to fraud prevention startups Fraugster and Riskified to get their insights.
Seven percent of that is attributable to chargebacks; 74 percent is for fraud management software, hardware and employees; and 19 percent comes from false positives — transactions erroneously rejected as fraud.
Gal says this incentivizes Riskified to approve as many good transactions as possible, while its chargeback guarantee means it takes on fraud liability for every order it approves, requiring the company to accurately identify fraud attempts.
When we first launched Riskified, our entire service was identifying good orders that retailers planned to decline.
Laemmle says they found that all existing anti-fraud solutions were built on outdated technologies and could not deal with sophisticated cyber criminals: “Existing rule-based systems as well as classical ML solutions are expensive and slow to adapt to new fraud patterns in real-time, hence inaccurate.
This requires a lot of manual work.
This means they have to pre-segmentize the data, etc.
Riskified has invested significant resources into providing retailers with transparency into our ML decisions.
As we have noted before, transparency and ML approaches seems to be at odds at present.

Warning for All Credit Card and Debit Card Users

by

Once that data is used to make a purchase, the consumer’s account will be charged.
How does fraud credit card transaction work?
Credit card fraud often occurs because the credit card transactions are way too simple.
At the beginning, those involved in the transaction (customer, card issuer, merchant and merchant’s bank) send and receive information to authorize or reject a given purchase.
If the purchase is authorized, it is settled by an exchange of money, which usually takes place several days after the authorization.
Then, the card issuer physically delivers the credit card to the consumer.
To make a purchase with it, the cardholder gives his card to the vendor (or, online, manually enters the card information), who forwards data on the consumer and the desired purchase to the merchant’s bank.
The card issuer’s final decision is sent back to both the merchant’s bank and the vendor.
Rejection may be issued only in two situations: if the balance on the cardholder’s account is insufficient or if, based on the data provided by the merchant’s bank, there is suspicion of fraud.
If you are in doubt, then I suggest that you don’t make the transaction.

4 Ways to Reduce Credit Card Chargebacks

by

4 Ways to Reduce Credit Card Chargebacks.
Credit card chargebacks — wherein shoppers purchase products with a credit card and then contest the charge from the credit card issuer — are an always-present threat to ecommerce merchants.
4 Ways to Reduce Credit Card Chargebacks Streamline shipping operations.
Alternatively, merchants that offer same-day shipping or next- or two-day shipping see fewer chargebacks, usually.
It’s customer service that often separates the successful sellers.
Do not harass customers who want to return products.
Sometimes chargebacks are the result of true fraud, where criminals use fraudulently obtained credit card information to make a purchase.
Guard against fraudulent chargebacks with a suite of customized fraud prevention tools that make sense for your business.
Merchants can work with their payment processor or other advisor to discover the best combination of tools for their business.
Some solution providers, such as Verifi and others, offer alerts or notifications when a chargeback is initiated, giving the merchant time to resolve the dispute with the cardholder rather than navigating through the convoluted chargeback process.

Beware of Fake Fraud Alerts

by

Beware of Fake Fraud Alerts.
Chances are you’ve gotten a fraud alert from your bank or credit card company asking you to verify that you’ve actually made a certain debit or credit transaction.
They do this when their security algorithms spot something that doesn’t seem right.
And the use of this computer technology does help reduce fraud – something we all pay for in the form of higher prices and interest rates.
But beware: Scammers are now trying to cash in on the spike in fraud alerts.
They’ll call or text and pretend to be the fraud department with your financial institution or credit card company.
They’re hoping they can trick you into giving them your account number or other personal information.
Your bank or credit card company already has your personal information and would never call you and ask your for it.
Hang up the phone, look at your card and call the number on the back.
By making that call yourself, you know you’re not talking to a scammer.

Reservation System Breach Affects Hard Rock Hotels & Casinos, Loews Hotels

by

Reservation System Breach Affects Hard Rock Hotels & Casinos, Loews Hotels.
Along with death and taxes, data breaches are one of the only constants in this technology-driven world.
In this blog post, we’re talking about the SynXis system hack which affected multiple hotel chains using Sabre Hospitality Solutions’ reservation system.
Sabre Hospitality Solutions says an unauthorized party accessed its systems What happened: A number of hotels use third-party reservation and payment systems to run their businesses, and Sabre, which serves over 36,000 hotels and lodging services, is a giant among these third-party services.
Even among this subset, not all transactions included credit card security codes, and the company claims that some of its bookings were processed with virtual credit card numbers, which are one-time credit card numbers used to conceal a consumer’s true credit card number.
Who is affected: While the subset of customers identified through Sabre’s investigation are the only known victims so far, a handful of hotels have publically issued statements mentioning their usage of SynXis and explaining that they have customers who might have been directly affected by the breach.
Sabre also seems to have notified specific business partners, like Hard Rock Hotels & Casinos as well as Loews Hotels.
While neither of these chains stated that their internal systems were compromised, since both chains use SynXis, any Hard Rock or Loews customers who stayed at certain hotels between August 2016 and March 2017 may be impacted.
If you stayed in an impacted hotel, be sure to check your credit card statement and report any unfamiliar charges immediately, check your credit reports to confirm no new accounts were opened in your name and consider investing in an identity theft protection service, as it will help you keep track of who may or may not have your personal information.
You can start by regularly monitoring your credit reports as well as your credit card and bank account activity.

Everything you should know about credit card fraud and how to stay safe

by

By 2020, that number is expected to reach US$31 billion.
Such costs include, among other expenses, the refunds that banks and credit card companies make to defrauded clients (many banks in the West cap consumers’ liability at US$50 as long as the crime is reported within 30 days for credit cards and within two days for debit cards.
But there are two main categories: card-not-present (CNP) frauds: This, the most common kind of fraud, occurs when the cardholder’s information is stolen and used illegally without the physical presence of the card.
Once that data is used to make a purchase, the consumer’s account is charged.
The mechanism of a credit card transaction Credit card fraud is facilitated, in part, because credit card transactions are a simple, two-step process: authorisation and settlement.
At the beginning, those involved in the transaction (customer, card issuer, merchant and merchant’s bank) send and receive information to authorise or reject a given purchase.
Once a purchase had been authorised, there is no going back.
Then, the card issuer physically delivers the credit card to the consumer.
To make a purchase with it, the cardholder gives his card to the vendor (or, online, manually enters the card information), who forwards data on the consumer and the desired purchase to the merchant’s bank.
Based on my research, which examines how advanced statistical and probabilistic techniques could better detect fraud, sequential analysis – coupled with new technology – holds the key.

All You Need to Know About Credit Card Fraud

by

All You Need to Know About Credit Card Fraud.
Such costs include, among other expenses, the refunds that banks and credit card companies make to defrauded clients (many banks in the West cap consumers’ liability at US$50 as long as the crime is reported within 30 days for credit cards and within two days for debit cards.
But there are two main categories: card-not-present (CNP) frauds: This, the most common kind of fraud, occurs when the cardholder’s information is stolen and used illegally without the physical presence of the card.
This kind of fraud usually occurs online, and may be the result of so-called “phishing” emails sent by fraudsters impersonating credible institutions to steal personal or financial information via a contaminated link.
Once that data is used to make a purchase, the consumer’s account is charged.
The mechanism of a credit card transaction Credit card fraud is facilitated, in part, because credit card transactions are a simple, two-step process: authorisation and settlement.
At the beginning, those involved in the transaction (customer, card issuer, merchant and merchant’s bank) send and receive information to authorise or reject a given purchase.
Once a purchase had been authorised, there is no going back.
Then, the card issuer physically delivers the credit card to the consumer.
To make a purchase with it, the cardholder gives his card to the vendor (or, online, manually enters the card information), who forwards data on the consumer and the desired purchase to the merchant’s bank.

Hackers nab credit card data from up to 1,000 California Realtors

by

Hackers nab credit card data from up to 1,000 California Realtors.
Just over 1,000 California Association of Realtors members may have been affected by a breach of the online store they use to buy everything from blank home sales contracts and disclosure forms to books, software, magnets, lapel pins and coffee mugs.
The malware attack, which occurred from March 13 through May 15, prompted CAR subsidiary Real Estate Business Services to notify the affected 1,033 members last week their personal data may have been stolen while using payment cards such as credit cards for online purchases.
“We’d like to keep ahead of these guys, but these guys are so smart it’s sickening,” Ferrier said.
The breach was discovered after a member called and said, “My credit card got hacked.” Apparently, illicit charges to the member’s card were made right after he bought something online at the store.car.org site, the REBS web address.
The malware made it possible for hackers to get a user’s name, address, payment card number, card expiration date and, in some cases, the three-digit card verification code (or CVC) — in short, everything needed to bill charges to a customer’s account.
REBS has changed its payment processing, using PayPal rather than taking payment card data directly.
Although 1,033 members used their payment cards to make purchases during period REBS computers were infected, Ferrier said she doesn’t know how many cards were hacked.
REBS is advising members to monitor their account statements, review their credit reports and consider placing a fraud alert on their credit reports.
If members have questions, they can contact REBS at 213-739-8283.